
RE: Re: Re: RE: ADS Password Storage Protection

Subject: RE: Re: Re: RE: ADS Password Storage Protection
Date: Thu, 20 Jul 2006 06:12:44 -0400
Dave,

I had actually seen most of those sites and did find them to contain excellent discussions.

However, unless I missed it, I didn't see anything touching on what I'll call "strong passphrases."

Thanks,

Harold

At 01:16 PM 7/18/2006, dave kleiman wrote:
Winshel,


That would be because after 14 characters there is no LM hash store of the password on a Windows system.

Some excellent resources for discussions on good password policies and ideas:
http://www.securityfocus.com/archive/88/312263

5-Minute Security Advisor - Choosing a Good Password Policy:
http://www.microsoft.com/technet/archive/community/columns/security/5min/5min-302.mspx

Frequently Asked Questions About Passwords:
http://www.microsoft.com/technet/community/columns/secmgmt/sm1005.mspx

The Great Debates: Pass Phrases vs. Passwords:
http://www.microsoft.com/technet/community/columns/secmgmt/sm1004.mspx
http://www.microsoft.com/technet/community/columns/secmgmt/sm1104.mspx
http://www.microsoft.com/technet/community/columns/secmgmt/sm1204.mspx

And:
http://www.syngress.com/catalog/?pid=3420
http://www.castlecops.com/a5842-Passwords_Staying_Safe.html




Dave






-----Original Message-----
From: winshel@camden.rutgers.edu [mailto:winshel@camden.rutgers.edu]
Sent: Monday, July 17, 2006 23:49
To: security-basics@securityfocus.com
Subject: Re: Re: Re: RE: ADS Password Storage Protection

    Thanks for the comment.  I'm still unclear - if I'm not
    mischaracterizing the situation - why there seems to be a
    lot of support for the idea that a 15 character Windows
    passphrase can be a real phrase and be very secure.  Do you
    think there is - or will be in the near future - a
    passphrase attack?    Is there such a thing as a "strong
    passphrase?"


Harold Winshel
Computing and Instructional Technologies
Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B36 Armitage Hall
Camden NJ 08102
(856) 225-6669 (O)

